The maintainers of urllib3, the ubiquitous HTTP client for Python, have issued a security advisory detailing two high-severity vulnerabilities that could allow malicious servers to crash client applications via resource exhaustion. Both flaws carry a CVSS score of 8.9 (High) and affect millions of applications relying on this foundational library.
The first vulnerability, CVE-2025-66418, targets how urllib3 handles compressed data streams. The library supports “chained HTTP encoding algorithms,” allowing servers to stack compression methods like gzip and zstd.
However, researchers discovered that “the number of links in the decompression chain was unbounded”. This oversight creates a critical weakness: a malicious server could “insert a virtually unlimited number of compression steps,” forcing the client to allocate massive amounts of memory and CPU cycles to decode the stream. This “decompression bomb” effect can easily crash the client application.
The second flaw, CVE-2025-66471, affects the library’s streaming API. Designed for efficiency, this API is supposed to read large responses in manageable chunks.
However, the advisory reveals a dangerous implementation error. “When streaming a compressed response, urllib3 can perform decoding or decompression… [and] must read compressed data from the network and decompress it until the requested chunk size is met”.
The vulnerability arises because a tiny amount of compressed data can expand into a massive block of uncompressed text. The logic failure forces the library “to fully decode a small amount of highly compressed data in a single operation,” holding the entire result in memory. This leads to “excessive resource consumption (high CPU usage and massive memory allocation…)” on the client side, effectively neutralizing the benefits of streaming.
The impact is broad. Any application using urllib3 version 2.5.0 and earlier to request data from untrusted sources is vulnerable. This includes standard HTTP requests where content decoding is enabled by default, as well as streaming calls like stream(), read(), and read_chunked().
The project maintainers urge all users to upgrade immediately.
- The Fix: Upgrade to urllib3 v2.6.0 or later.
- Brotli Users: If your environment supports Brotli encoding, you must also upgrade to Brotli 1.2.0 or brotlicffi 1.2.0.0.
For those unable to patch immediately, the advisory suggests disabling automatic content decoding (preload_content=False) and manually verifying the Content-Encoding header to ensure it contains a safe number of encodings.
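The header check the advisory describes as a stopgap, written out as an added example (not code from the urllib3 project or the advisory). It assumes a cap of two chained codings and an allow-list of the codings urllib3 itself can decode; both numbers are my choices, not values from the advisory. Besides preload_content=False it also passes decode_content=False so the body stays compressed until the header has been inspected.

```python
"""Stopgap for the urllib3 chained-encoding issue (added example, not urllib3's code)."""
from __future__ import annotations

MAX_ENCODING_LINKS = 2  # assumed cap on chain length; pick what your app actually needs
# Assumed allow-list: codings urllib3 knows how to decode. Anything else is rejected.
KNOWN_CODINGS = {"gzip", "x-gzip", "deflate", "br", "zstd", "identity"}


def parse_content_encoding(header: str | None) -> list[str]:
    """Split a Content-Encoding value into its ordered list of codings.

    Codings are comma-separated in the order the server applied them. 'identity'
    and empty tokens are dropped because they involve no decompression work.
    """
    if not header:
        return []
    codings = [c.strip().lower() for c in header.split(",")]
    return [c for c in codings if c and c != "identity"]


def content_encoding_is_safe(header: str | None, max_links: int = MAX_ENCODING_LINKS) -> bool:
    """True if the chain is no longer than max_links and every coding is recognised."""
    chain = parse_content_encoding(header)
    if len(chain) > max_links:
        return False
    return all(c in KNOWN_CODINGS for c in chain)


def fetch_with_encoding_check(url: str, max_links: int = MAX_ENCODING_LINKS) -> bytes:
    """Fetch url with automatic decoding off, validate Content-Encoding, then decode.

    urllib3 is imported lazily so the pure check functions above can be used and
    tested without the library installed.
    """
    import urllib3

    http = urllib3.PoolManager()
    # preload_content=False: the body is not read until we ask for it.
    # decode_content=False: the bytes stay compressed until we explicitly decode.
    resp = http.request("GET", url, preload_content=False, decode_content=False)
    try:
        encoding = resp.headers.get("Content-Encoding")
        if not content_encoding_is_safe(encoding, max_links):
            raise ValueError(f"refusing response with Content-Encoding={encoding!r}")
        # Header passed the check: let urllib3 decode the now-bounded chain.
        return resp.read(decode_content=True)
    finally:
        resp.release_conn()
```

Rejecting the response before any decoding happens is the point: a 50-link chain is refused from the header alone, with no memory or CPU spent on decompression.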